lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: kruse at krusesecurity.dk (Peter Kruse)
Subject: SV: MS03-039 has been released - critical

Hi,

> "The new DoS vulnerability was disclosed by a hacking group 
> in China on July 25, 2003, and functional exploit code is 
> already in use on the Internet. "

This is well known. However it?s not the BoF exploit.

Yet again, the detailed advisory from Eeye makes it fairly easy to write
a working exploit. Although I haven?t seen a PoC yet I would expect it
to be release shortly. It?s a bit harder to exploit than the previous
RPC Dcom weakness but it?s certainly possible.

Please note that Eeye has already released an update for Retina Security
Scanner and I suppose every script kid, cracker or hacker should be able
to sniff to code from Retina going to a remote vulnerable host. You
think? CHAM, yeah?

I suggest we update RPC - again.

Med venlig hilsen // Kind regards

Peter Kruse
Kruse Security
http://www.krusesecurity.dk



Powered by blists - more mailing lists